Vulnerability Description
A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load arbitrary PHP classes from the 'rtn' directory and execute their methods. NOTE: The vendor states that the vulnerability affects installations running version 22.5 or earlier. The issue was resolved with version 23.2 and later versions are not affected.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jedox | Jedox | 2020.2.5 |
| Jedox | Jedox Cloud | - |
Related Weaknesses (CWE)
References
- http://jedox.com (Product)
- https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclo (Exploit, Third Party Advisory)
- https://jedox.mantishub.io/app/issues/57236
- https://jedox.mantishub.io/app/issues/57237
- https://jedox.mantishub.io/app/issues/57238
- https://jedox.mantishub.io/app/issues/57239
FAQ
What is CVE-2022-47879?
CVE-2022-47879 is a vulnerability with a CVSS score of 7.5 (HIGH). A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load arbitrary PHP classes from the 'rtn' directory and execute their methods. NOTE: The...
How severe is CVE-2022-47879?
CVE-2022-47879 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-47879?
Check the references section above for vendor advisories and patch information. Affected products include: Jedox Jedox, Jedox Jedox Cloud.